3 Copyright 2004 by the Massachusetts Institute of Technology
7 Permission to use, copy, modify, and distribute this software and its
8 documentation for any purpose and without fee is hereby granted,
9 provided that the above copyright notice appear in all copies and that
10 both that copyright notice and this permission notice appear in
11 supporting documentation, and that the name of the Massachusetts
12 Institute of Technology (M.I.T.) not be used in advertising or publicity
13 pertaining to distribution of the software without specific, written
16 M.I.T. DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
17 ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL
18 M.I.T. BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR
19 ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
20 WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
21 ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
/* Service name passed to OpenService() by set_dacl() and show_dacl(). */
37 #define AFSSERVICE "TransarcAFSDaemon"
/*
 * Trustee names handed to BuildExplicitAccessWithName() in set_dacl().
 * NOTE(review): the trustees are identified by account name, not by SID.
 * The "Everyone" group is spelled differently on localized Windows
 * installs, so the name lookup can fail there; a well-known SID would not
 * depend on the display name -- confirm whether such systems are in scope.
 */
38 #define AFSCLIENT_ADMIN_GROUPNAME "AFS Client Admins"
39 #define EVERYONE_GROUPNAME "Everyone"
/*
 * Program name substituted into the usage text by show_usage(). NULL until
 * assigned; the assignment is not visible in this listing.
 */
41 char * progname = NULL;
/*
 * show_usage: print the command-line help.
 *
 * progname is substituted for both %s conversions in the text. The line
 * holding the actual print call is missing from this listing.
 *
 * NOTE(review): "SDSF" in the -show help line presumably means SDDL, the
 * string form produced by ConvertSecurityDescriptorToStringSecurityDescriptor()
 * in show_dacl() -- confirm before changing the user-visible text.
 */
43 void show_usage(void) {
45 "%s : Set or reset the DACL to allow starting or stopping\n"
46 " the afsd service by any ordinary user.\n"
48 "Usage : %s [-set | -reset] [-show]\n"
49 " -set : Sets the DACL\n"
50 " -reset : Reset the DACL\n"
51 " -show : Show current DACL (SDSF)\n"
52 , progname, progname);
/*
 * show_last_error: print a Win32 error code together with the system's
 * message text for it.
 *
 * code is the error to report. The visible assignment below replaces it
 * with GetLastError().
 * NOTE(review): the line before that assignment is missing from this
 * listing and presumably guards it (e.g. only when code is 0) -- confirm.
 */
55 void show_last_error(DWORD code) {
/*
 * NOTE(review): declared without an initializer. If FormatMessage() fails
 * the pointer is never written, yet it is still printed and passed to
 * LocalFree() below unless a check sits on a line not shown here.
 */
56 LPVOID lpvMessageBuffer;
59 code = GetLastError();
/*
 * FORMAT_MESSAGE_ALLOCATE_BUFFER makes FormatMessage() allocate the text
 * itself and store the pointer through the cast buffer argument, which is
 * why the buffer is released with LocalFree() at the end.
 * NOTE(review): FORMAT_MESSAGE_IGNORE_INSERTS is not among the flags, so a
 * system message containing insert sequences would be expanded against the
 * NULL argument list; adding the flag is the usual hardening for
 * arbitrary error codes.
 */
61 FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER |
62 FORMAT_MESSAGE_FROM_SYSTEM,
64 MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
65 (LPTSTR)&lpvMessageBuffer, 0, NULL);
/* Output format: "<name>: Error <code> : <system message>". */
68 "%s: Error %d : %s\n",
71 (LPSTR) lpvMessageBuffer);
/* Release the buffer FormatMessage() allocated. */
73 LocalFree(lpvMessageBuffer);
/*
 * set_dacl: rewrite the DACL of the AFSSERVICE service object.
 *
 * Visible flow: connect to the service control manager, open the service
 * with READ_CONTROL | WRITE_DAC, read its current DACL, merge two explicit
 * entries into it with SetEntriesInAcl(), and write the result back with
 * SetServiceObjectSecurity().
 *
 * action selects the access mode of the "Everyone" entry: REVOKE_ACCESS
 * when it equals RESETDACL, SET_ACCESS otherwise.
 *
 * NOTE(review): several lines (some declarations, the error branches and
 * the return statement) are missing from this listing, so the return
 * convention is not documented here.
 */
76 int set_dacl(int action) {
78 BOOL bDaclPresent = FALSE;
79 BOOL bDaclDefaulted = FALSE;
81 SC_HANDLE s_afs = NULL;
82 PSECURITY_DESCRIPTOR psdesc = NULL;
/* One entry per trustee: [0] AFS Client Admins, [1] Everyone. */
85 EXPLICIT_ACCESS exa[2];
87 DWORD code = ERROR_SUCCESS;
/* Descriptor built locally to carry the new DACL to the service. */
88 SECURITY_DESCRIPTOR sd;
/* SC_MANAGER_CONNECT is the only SCM right requested. */
90 scm = OpenSCManager(NULL, NULL, SC_MANAGER_CONNECT);
/*
 * READ_CONTROL to read the existing descriptor, WRITE_DAC to replace the
 * DACL. The caller's token must already hold both rights on the service.
 */
96 s_afs = OpenService(scm, AFSSERVICE, READ_CONTROL | WRITE_DAC);
/*
 * Size probe: this first query is expected to fail with
 * ERROR_INSUFFICIENT_BUFFER and report the needed size in dwSize; the
 * descriptor is then allocated and queried again.
 */
102 if (!QueryServiceObjectSecurity(s_afs, DACL_SECURITY_INFORMATION,
105 if (GetLastError() == ERROR_INSUFFICIENT_BUFFER)
107 psdesc = (PSECURITY_DESCRIPTOR)HeapAlloc(GetProcessHeap(),
108 HEAP_ZERO_MEMORY, dwSize);
115 if (!QueryServiceObjectSecurity(s_afs,
116 DACL_SECURITY_INFORMATION, psdesc, dwSize, &dwSize)) {
126 /* else : shouldn't happen. */
/* pacl points into psdesc, so psdesc has to stay allocated while it is used. */
128 if (!GetSecurityDescriptorDacl(psdesc, &bDaclPresent, &pacl, &bDaclDefaulted))
/*
 * Entry 1: the "AFS Client Admins" group with SPECIFIC_RIGHTS_ALL |
 * STANDARD_RIGHTS_ALL (its access mode is on a line not shown here).
 * Security note: these masks cover every service-specific right plus
 * WRITE_DAC and WRITE_OWNER, so membership of this group amounts to full
 * control of the service object; review who is in the group accordingly.
 */
131 BuildExplicitAccessWithName(&exa[0], AFSCLIENT_ADMIN_GROUPNAME,
132 SPECIFIC_RIGHTS_ALL | STANDARD_RIGHTS_ALL,
/*
 * Entry 2: "Everyone" may start and stop the service and read its security
 * descriptor. SET_ACCESS replaces any existing explicit access for the
 * trustee with these rights; REVOKE_ACCESS (action == RESETDACL) removes
 * the trustee's allow entries altogether, not only the rights named here.
 * Security note: after -set, every local user (and, depending on how the
 * SCM is exposed, remote callers) can stop the client service. Treat this
 * as an availability trade-off and prefer a narrower group where possible.
 */
136 BuildExplicitAccessWithName(&exa[1], EVERYONE_GROUPNAME,
137 SERVICE_START | SERVICE_STOP | READ_CONTROL,
138 ((action==RESETDACL)?REVOKE_ACCESS:SET_ACCESS),
/*
 * Merge both entries into the existing DACL. SetEntriesInAcl() returns its
 * error code directly, which is why code is handed to show_last_error().
 * NOTE(review): pnewacl is allocated by SetEntriesInAcl() and has to be
 * released with LocalFree(); no such call is visible in this listing --
 * confirm the cleanup path frees it.
 */
141 code = SetEntriesInAcl(2, exa, pacl, &pnewacl);
142 if(code != ERROR_SUCCESS) {
143 show_last_error(code);
/*
 * Build a fresh descriptor holding only the merged DACL. Because only
 * DACL_SECURITY_INFORMATION is passed to SetServiceObjectSecurity(), this
 * call does not ask to change the owner, group or SACL of the service.
 */
146 if(!InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION))
149 if(!SetSecurityDescriptorDacl(&sd, TRUE, pnewacl, FALSE))
152 if (!SetServiceObjectSecurity(s_afs, DACL_SECURITY_INFORMATION, &sd))
/* Cleanup: release the queried descriptor, then both service handles. */
159 HeapFree(GetProcessHeap(), 0, psdesc);
161 CloseServiceHandle(s_afs);
163 CloseServiceHandle(scm);
/*
 * show_dacl: print the current DACL of the AFSSERVICE service object in
 * string form.
 *
 * Read-only counterpart of set_dacl(): the service is opened with
 * READ_CONTROL only, its DACL is queried, converted with
 * ConvertSecurityDescriptorToStringSecurityDescriptor() and printed.
 * Useful for checking what -set or -reset actually left on the service.
 *
 * NOTE(review): the error branches and the return statement are missing
 * from this listing, so the return convention is not documented here.
 */
168 int show_dacl(void) {
170 BOOL bDaclPresent = FALSE;
171 BOOL bDaclDefaulted = FALSE;
172 SC_HANDLE scm = NULL;
173 SC_HANDLE s_afs = NULL;
174 PSECURITY_DESCRIPTOR psdesc = NULL;
176 DWORD code = ERROR_SUCCESS;
/* NOTE(review): no use of sd appears in the visible lines -- possibly unused. */
177 SECURITY_DESCRIPTOR sd;
180 scm = OpenSCManager(NULL, NULL, SC_MANAGER_CONNECT);
/* READ_CONTROL is enough to read the descriptor; no write access is requested. */
186 s_afs = OpenService(scm, AFSSERVICE, READ_CONTROL);
/*
 * Size probe: this first query is expected to fail with
 * ERROR_INSUFFICIENT_BUFFER and report the needed size in dwSize; the
 * descriptor is then allocated and queried again.
 */
192 if (!QueryServiceObjectSecurity(s_afs, DACL_SECURITY_INFORMATION,
195 if (GetLastError() == ERROR_INSUFFICIENT_BUFFER)
197 psdesc = (PSECURITY_DESCRIPTOR)HeapAlloc(GetProcessHeap(),
198 HEAP_ZERO_MEMORY, dwSize);
205 if (!QueryServiceObjectSecurity(s_afs,
206 DACL_SECURITY_INFORMATION, psdesc, dwSize, &dwSize)) {
216 /* else : shouldn't happen. */
/*
 * Only the DACL part is converted to text.
 * NOTE(review): the string returned by this conversion is allocated by the
 * system and has to be released with LocalFree(); no such call is visible
 * in this listing -- confirm the cleanup path frees pstr.
 */
218 if(!ConvertSecurityDescriptorToStringSecurityDescriptor(
221 DACL_SECURITY_INFORMATION,
229 printf("DACL for AFSD service is : [%s]\n",pstr);
/* Cleanup: release the queried descriptor, then both service handles. */
235 HeapFree(GetProcessHeap(), 0, psdesc);
237 CloseServiceHandle(s_afs);
239 CloseServiceHandle(scm);
244 int main(int argc, char ** argv) {
245 int showdacl = FALSE;
252 for(i=1; i<argc; i++) {
253 if(!strcmp(argv[i],"-set") && !action)
255 else if(!strcmp(argv[i], "-reset") && !action)
257 else if(!strcmp(argv[i], "-show"))
265 if(!showdacl && action == 0) {
271 rv = set_dacl(action);